Source: apparmor
Version: 2.13-2
Severity: normal
Tags: patch
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux

Hi,

When updating/installing the apparmor package, the postinstallation
script is creating a bunch of files in /tmp and then moves them in
/etc/apparmor.

If SELinux is enabled on the machine (that can happen as apparmor is now
installed by default) the files get a wrong label.

To fix that you can use the -Z option of the mv command; this is an
option that is available since coreutils 8.22 (which is already in
oldstable).

Could you please apply the attached patch?

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

-- debconf information:
* apparmor/homedirs:
diff -Nru apparmor-2.13/debian/aa-update-browser 
apparmor-2.13/debian/aa-update-browser
--- apparmor-2.13/debian/aa-update-browser      2018-07-07 19:15:31.000000000 
+0200
+++ apparmor-2.13/debian/aa-update-browser      2018-07-12 11:11:05.000000000 
+0200
@@ -139,7 +139,7 @@
         rm -f "$tmp"
         continue
     fi
-    mv -f "$tmp" "$dir/$include" || {
+    mv -Z -f "$tmp" "$dir/$include" || {
         rm -f "$tmp"
         exit 1
     }
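Review bot: the `mv -Z -f "$tmp" "$dir/$include"` line carries no comment saying why `-Z` is there, and the existing `|| { rm -f "$tmp"; exit 1; }` branch now also fires if `mv` rejects the option (coreutils older than 8.22, per the report). Suggest a one-line comment above the `mv` stating that `-Z` sets the destination's SELinux context to the default for its path instead of keeping the one inherited from /tmp, and noting the coreutils 8.22 minimum so that this failure path is not a surprise.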
diff -Nru apparmor-2.13/debian/apparmor.postinst 
apparmor-2.13/debian/apparmor.postinst
--- apparmor-2.13/debian/apparmor.postinst      2018-07-07 19:15:31.000000000 
+0200
+++ apparmor-2.13/debian/apparmor.postinst      2018-07-12 11:10:41.000000000 
+0200
@@ -56,7 +56,7 @@
 EOM
         fi
         mkdir -p /etc/apparmor.d/tunables/home.d 2>/dev/null || true
-        mv -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu
+        mv -Z -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu
         chmod 644 /etc/apparmor.d/tunables/home.d/ubuntu
 
         if [ ! -e /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local ]; then
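Review bot: the exit status of `mv -Z -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu` is not checked in the visible lines, unlike the `|| { rm -f "$tmp"; exit 1; }` handling in aa-update-browser. If the move fails, `$tmp` stays behind in /tmp and the following `chmod 644` runs against a file that was not replaced. Unless the script already runs under `set -e` (not visible in this hunk), consider the same explicit failure branch here, including the `rm -f "$tmp"` cleanup.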
@@ -86,7 +86,7 @@
 EOM
 
             mkdir -p /etc/apparmor.d/tunables/xdg-user-dirs.d 2>/dev/null || 
true
-            mv -n "$tmp" /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
+            mv -Z -n "$tmp" /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
             chmod 644 /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
         fi
 
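Review bot: with `mv -Z -n`, and the `[ ! -e /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local ]` guard shown in the previous hunk's context, an existing site.local is never touched, so a copy that an earlier run of this postinst already moved out of /tmp keeps its wrong label after the upgrade. If that case matters, relabel the existing file explicitly (for example with `restorecon` where it is installed), or state in the changelog that files created by earlier versions need a manual relabel.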
